I. Basic Information for CVE-2022-21661
Vulnerability Information
Vulnerability Title
SQL injection in WordPress
Source: NVD (National Vulnerability Database)
Vulnerability Description
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases that go back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper neutralization of special elements used in an SQL command (SQL injection)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin SQL injection vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress is a blog platform developed in PHP by the WordPress Foundation. It supports hosting personal blog sites on servers running PHP and MySQL. WordPress plugin is an open-source application plugin for WordPress. WordPress plugin has an SQL injection vulnerability that stems from improper sanitization in WP_Query. An attacker can exploit this vulnerability to carry out SQL injection attacks.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor: WordPress
Product: wordpress-develop
Affected Versions: < 5.8.3
CPE: -
II. Public POCs for CVE-2022-21661
# / POC Description / Source Link

1. WordPress Core 5.8.2 - 'WP_Query' SQL Injection
   https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection
2. None
   https://github.com/purple-WL/wordpress-CVE-2022-21661
3. Wordpress 5.8.2 CVE-2022-21661 Vuln environment POC exploit
   https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661
4. WordPress WP_Query SQL Injection POC
   https://github.com/z92g/CVE-2022-21661
5. CVE-2022-21661 exp for Elementor custom skin.
   https://github.com/QWERTYisme/CVE-2022-21661
6. The first poc video presenting the sql injection test from (WordPress Core 5.8.2 - 'WP_Query' / CVE-2022-21661)
   https://github.com/APTIRAN/CVE-2022-21661
7. Study and exploit the vulnerability CVE-2022-21661 that allows SQL injections through plugins' POST requests to WordPress versions below 5.8.3.
   https://github.com/WellingtonEspindula/SSI-CVE-2022-21661
8. Demonstration of the SQL injection vulnerability in WordPress 5.8.2
   https://github.com/daniel616/CVE-2022-21661-Demo
9. A Python PoC of CVE-2022-21661, inspired by z92g's Go PoC
   https://github.com/sealldeveloper/CVE-2022-21661-PoC
10. CVE-2022-21661 exp for Elementor custom skin.
   https://github.com/guestzz/CVE-2022-21661
11. Script to validate WordPress CVE-2022-21661
   https://github.com/p4ncontomat3/CVE-2022-21661
12. None
   https://github.com/CharonDefalt/WordPress--CVE-2022-21661
13. The first poc video presenting the sql injection test from (WordPress Core 5.8.2 - 'WP_Query' / CVE-2022-21661)
   https://github.com/safe3s/CVE-2022-21661
14. CVE-2022-21661 docker and poc
   https://github.com/w0r1i0g1ht/CVE-2022-21661
15. None
   https://github.com/kittypurrnaz/cve-2022-21661
16. WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WP_Query. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-21661.yaml
17. None
   https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/WordPress%20WP_Query%20SQL%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2022-21661.md
18. A Python PoC for CVE-2022-21661, adapted from z92g's Go PoC, designed to demonstrate the vulnerability in a more accessible scripting environment.
   https://github.com/Fauzan-Aldi/CVE-2022-21661
III. Intelligence Information for CVE-2022-21661
IV. Related Vulnerabilities
V. Comments for CVE-2022-21661